Description
Certain versions of the WordPress theme OptimizePress contain a file that can be used by attackers to upload arbitrary files on the web server and execute the code contained in these files. The vulnerable file is wp-content/themes/OptimizePress/lib/admin/media-upload.php.
Remediation
Delete wp-content/themes/OptimizePress/lib/admin/media-upload.php file.
References
Related Vulnerabilities
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)
Code Evaluation (Apache Struts) S2-045
Ruby Improper Input Validation Vulnerability (CVE-2009-4492)
Ruby Improper Input Validation Vulnerability (CVE-2015-1855)
WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3)